<?php

class SecurityObject {
	
	private $secObjects, $pkSecurityUser, $isNew, $perms;
	
	//private static $secPermCache;
	
	function __construct() {
		$this->secObjects = array();
	}
	
	function loadSecurityObject($pkSecurityObject="") {

		if($pkSecurityObject) {
			$this->addSecurityObject($pkSecurityObject);
		}
		
		$this->setUser(SecurityUser::getUser()->getPkSecurityUser());
	}
	
	function addSecurityObject($pkSecurityObject) {

		/*
		
		$cfg = Runtime::getConfiguration();
		$conn = MySQLConnection::getInstance();
		
		
		$addSecObj = $conn->quickQuery("SELECT pkSecurityObject, fkOwner 
									 	FROM " . $cfg['table_prefix'] . "SecurityObject
										WHERE pkSecurityObject = '$pkSecurityObject'");
								
		array_push($this->secObjects, $addSecObj);
		*/

		array_push($this->secObjects, $pkSecurityObject);
									 					 
	}
	
	function setUser($pkSecurityUser) {

		$cfg = Runtime::getConfiguration();
		$conn = MySQLConnection::getInstance();
		
		$this->pkSecurityUser = $pkSecurityUser;
		
		
		if(!$this->isNew) {
			//Load Permissions for this User (can be Multible Security Objects);
			
			$strSecObj = "";
			while(list($id, $obj) = each($this->secObjects)) {
				$strSecObj.=($strSecObj!=""?", ":"") . $obj;
			}
			$strSecObj;
			
			
			//Create SQL-Statement
			
			$sql = "SELECT pkSecurityPermission, canCreate, canRead, canUpdate, canDelete, canAdmin 
					FROM " . $cfg['table_prefix'] . "SecurityPermission 
					WHERE fkSecurityObject IN ( $strSecObj ) AND (
						  fkSecurityUser = '$this->pkSecurityUser' 
						  OR fkSecurityGroup IN ( 
						  	SELECT fkSecurityGroup FROM " . $cfg['table_prefix'] . "SecurityUserGroup
							WHERE fkSecurityUser = '$pkSecurityUser'
							)
						  )";
			
			//Prepare Array
			$this->perms = array('canCreate' => null,
						   'canRead'   => null,
						   'canUpdate' => null,
					       'canDelete' => null,
						   'canAdmin'  => null
			);			  
						  
			//This results in a set of Permissions for the specified SecurityObject(s) related to the user
			$res = $conn->query($sql);
			while (list($pkSecurityPermission, $canCreate, $canRead, $canUpdate, $canDelete, $canAdmin) = mysql_fetch_array($res)) {
				
				//echo "durchgang " . ++$i;
				
				/*
				 * Merge Rights
				 * ------------
				 * 
				 * Rules:
				 * true + true = true 
				 * true + null = true
				 * true + false = false
				 * false + false = false
				 * false + null = false
				 * 
				 * false is 0, true is 1, null is not set in DB
				 */
								
				if($canCreate!=null) { $this->perms['canCreate'] = ($this->perms['canCreate'] || ($this->perms['canCreate']==null && $canCreate)); }
				if($canRead!=null)   { $this->perms['canRead']   = ($this->perms['canRead']   || ($this->perms['canRead']  ==null && $canRead)); }
				if($canUpdate!=null) { $this->perms['canUpdate'] = ($this->perms['canUpdate'] || ($this->perms['canUpdate']==null && $canUpdate)); }
				if($canDelete!=null) { $this->perms['canDelete'] = ($this->perms['canDelete'] || ($this->perms['canDelete']==null && $canDelete)); }
				if($canAdmin!=null)  { $this->perms['canAdmin']  = ($this->perms['canAdmin']  || ($this->perms['canAdmin'] ==null && $canAdmin)); }
			}
			
			//print_r($this->perms);
		}
		else {
			//Do nothing special
		}
		
	}
	
	function canCreate() { return $this->perms['canCreate']; }
	function canRead()   { return $this->perms['canRead']; }
	function canUpdate() { return $this->perms['canUpdate']; }
	function canDelete() { return $this->perms['canDelete']; }
	function canAdmin()  { return $this->perms['canAdmin']; }
	
	
	function createNew() {
		$this->isNew = true;
	}
	
	function addUserPermission($fkSecurityUser, $canCreate=true, $canRead=true, $canUpdate=true, $canDelete=true, $canAdmin=true) {
		
		//TODO: Make this good
		$this->perms['canCreate'] = ($this->perms['canCreate'] || ($this->perms['canCreate']==null && $canCreate));
		$this->perms['canRead']   = ($this->perms['canRead']   || ($this->perms['canRead']  ==null && $canRead));
		
	}
	
	function addGroupPermission($fkSecurityGroup, $canCreate=true, $canRead=true, $canUpdate=true, $canDelete=true, $canAdmin=true) {
		
	}	
}

?>